How to blog anonymously, a guide for activists, whistleblowers and journalists

You just need to look at the way governments and state institutions try to restrict content on the internet to understand how powerful the web has become when it comes to dissemination of information, shaping alternative narratives, and uncovering details hitherto unknown to the public.

China might be the world’s second-largest economy, but its internet is more like an intranet – with a plethora of popular sites like Google, Facebook, Twitter, Pinterest, and Medium blocked for users within the country. Government-hired engineers work around the clock to ensure citizens only access content deemed suitable by the state.

There’s other motivations for blogging anonymously, too. Maybe you don’t want your true identity revealed in the fear that your friends and family might find out about it. That’s applicable if you wish to talk about taboo topics, such as sex and sexuality, mental health, or random musings about your daily life.

Whatever your goal – the steps to maintaining a discreet profile on the web remain largely the same.

1. Use a fictitious alias

This is a no-brainer. If you don’t want people to know who you really are, then the first step is to assume a fake identity. Let’s assume you settle on ‘Sarah Palin’ as your blogging name.

In this scenario, you should register for a free email address and use only this one for your blogging outreach. Examples of sites that dish out free email addresses are:

Gmail

Hotmail

Yahoo

We recommend using a free email service because if you pay for one, then your credit card or PayPal details will be logged. That leaves behind a paper trail – making it easier for people to track down who you really are, and nullifying the whole purpose of anonymity.

There’s also the option of using a burner email account. These are accounts that self-destruct after a certain amount of time and don’t require any of your personal details. Guerilla Mail is a safe bet for one-off registrations – there’s no cumbersome login process and it’s completely free. For a long-term option you could use ProtonMail, an end-to-end encrypted service that’s completely untraceable. However, there’s limited server capacity which means you’ll have to apply for an invite.

At the same time, Sarah Palin will need to host her content somewhere – again for free to avoid a paper trail. Some sites that allow people to register for a free blog are: Medium Tumblr WordPress Blogger Jekyll

When you sign up for an email address and a blog hosting account, it’s extremely important to keep registration and sign in activity hidden, too. If you do so with a normal browser like Chrome on an unsecured internet connection, then it’s likely that a log of this activity will be stored on a server somewhere, accessible by your internet provider, email provider, and/or blog host.

In the coming section, we’ll explore how to maintain anonymity at all times – a crucial factor to ensure your privacy is safeguarded.

2. Encrypt your digital presence

The caveat to maintaining an alternative identity is the fact that your location can still be tracked via the IP address you use to log on to the internet.

If you’re using your home or work computer to write blogs, then your broadband provider is maintaining a record of it at all times. This information isn’t difficult to obtain for governments or even private companies if it came to that.

The easiest way to do that is by using a Virtual Private Network (VPN). It sounds more intimidating than it actually is – but don’t let that put you off. All a VPN does is mask your true internet location and encrypt all the internet traffic to and from your device, meaning it’s impossible for hackers or the authorities to determine where you are in the world.

Using a VPN is mostly legal, so you’re not breaking any laws. The only grey area is when they’re used to access something illegally – such as gambling sites in the United Arab Emirates.

There’s a bunch of options out there, but our recommendation is ExpressVPN simply because it is easy to use, has a large number of alternative locations and doesn’t throttle your internet or system performance. The VPN also ranks highly when it comes to privacy ratings – based on factors such as a “no logs” policy and encryption standards.

3. Using the Tor browser

If you don’t want to install a VPN, the other option is to use a safe, secure browser like Tor.

Tor, an anonymous browser originally developed by the US Navy, was released to the public in 2004 with the goal of facilitating anonymous communication in countries where freedom of speech was severely restricted.

Its original intention was to help journalists, bloggers, whistleblowers, and activists – preventing government agencies from tracking them down and using the power of the web to get the message across.

Tor is completely encrypted – meaning any online activity is safe from prying eyes – and a good step on the road to anonymity.

It works by leveraging a highly sophisticated network of proxy servers. When a user types in a web address, it’s these servers that process the request on your behalf – meaning that the host website doesn’t see the actual IP address.

The flow of traffic is encrypted even while the pages are in transit between the servers. Tor adds multiple layers of security – it automatically blocks cookies and other tracking software. It also blocks those annoying popup advertisements that ordinarily use your location for their programmatic wonders.

Unfortunately several countries have understood the power of Tor and blocked users from downloading it completely. To circumvent this ban, there’s the option of using a mirror site.

Click on “latest stable release” for the operating system you wish to install the Tor browser on – Windows or Mac – and download to your device. Once it’s downloaded, follow the instructions and make the necessary changes to your system settings.

The installation guide will take you through the entire process. It’s preferable to use the browser at all times during the blogging process – alternatives like Internet Explorer and Chrome will store your unique footprints and make it easier to track you down.

For an enhanced anonymous experience it’s possible to use a VPN and Tor browser in tandem. To do that, first connect to your VPN once you boot up your computer. When you have a stable connection, open your Tor browser to upload and publish your blog.

4. Steps for further security

If the content you wish to publish is of a highly sensitive nature, then you may want to consider hosting the blog on the darknet completely rather than the public face of the internet accessible by search engines.

This is a prudent approach if you feel the exposé could result in serious risks to your life and hence you want to remain completely hidden. In this scenario your blog might not be read by a lot of people, but as a whistleblower you would feel secure.

Once the blog is up and running you could communicate with journalists over an encrypted messaging service like Telegram and point them to the site.

It’s also far easier to remain hidden and anonymous on a PC/laptop than it is on a smartphone. Both Android and iOS aren’t great for maintaining privacy as both Google and Apple retain the capability of monitoring every single device which uses their OS.

Smartphones also use a plethora of third-party apps, meaning there’s constant data transfer to and from your device to servers across the world. VPNs can be used on your phone to encrypt this traffic, but we recommend that you stick to legacy computers for your blogging and anonymity needs.

5. Stay offline for as long as possible

Some bloggers have a tendency to write directly in WordPress or on the CMS of their host blog, but this tactic can leave you exposed. After all, the longer you are online, the larger your digital footprint. And that’s negating the essence of the reason to be online in the first place – to blog anonymously.

All the writing, editing, and proofreading of your blog posts should be done offline. Use a text editor such as Microsoft Word or Pages. Even Google Docs has an offline option. Write, rewrite, and edit as many times as you want. Simply copy and paste when you’re satisfied with the final draft.

Once you’re done, make sure the text files are deleted both from your desktop as well as the trash. You don’t want any evidence of the blog remaining in your cache, open for detection.

6. Remain guarded at all times

Other than all the sophisticated ways to prevent geo-tagging and location discovery, it’s also a prudent strategy to not reveal even the slightest hints of your personal profile.

If, for example, you live in Los Angeles, then be very cautious about even mentioning things like California, West Coast, or nearby cities. That allows people to narrow down on your location much more tightly than before.

We’re human and therefore fallible. It’s always important to trust your gut – if you receive a random email from someone claiming to have read your blog and wanting to meet up for a coffee to discuss it – don’t assume it’s a well-wisher.

Take extreme precautions – ask for evidence of the person’s identity via a photocopy of their passport or driver’s license. See if it checks out. And make sure the person in question isn’t a security agent out to nab you.

Actually, it’ll just make your life easier if you simply refuse to physically meet anyone that pings you after having read your blog. Just maintain a professional approach – say you’d prefer to interact via email and that you’re uncomfortable with an online-to-offline scenario.

7. Avoid best practices

To ensure your blog is secure from attacks and malware, it’s recommended that you not allow comments or other means of input such as newsletter signups, account registration, and search.

The premise here is that the person looking to write a blog anonymously doesn’t wish to monetize it via Google adsense or native advertising. Hence one doesn’t need to build a critical mass of users – these strategies are generally deployed to grow traffic and pop up on search engine results.

The threat of malware is largely nullified if these aren’t an option at all.